PyPI Security MCP

MCPOpen SourceMIT28.6

by kimasplund • Testing & QA

A security-focused MCP server that helps AI agents search PyPI, scan package and project dependencies for vulnerabilities, and recommend safer Python packages.

Example Use Cases

1
Search PyPI for packages while filtering out known-vulnerable releases and getting security-aware package recommendations.
2
Audit a project's dependencies (requirements.txt, pyproject.toml, or installed environment), including transitive dependencies, for OSV-reported vulnerabilities.
3
Compare package versions, retrieve release metadata/changelogs, and get prioritized remediation plans and security scores for CI/CD or developer guidance.

Description

MCP-PyPI is a Model Context Protocol server that provides security-aware package discovery, dependency analysis, and vulnerability scanning (via OSV) for Python projects. It can search packages, fetch metadata and releases, build dependency trees, and perform project-wide security audits with caching for performance. The server offers risk scoring, prioritized remediation suggestions, and CLI/programmatic interfaces to integrate security checks into agent workflows and CI/CD.

Quick Actions

View on GitHub

Security

Scanned 2 month(s) ago

Risk Level

MINIMAL

Read-only data retrieval, no side effects

Trust Score

D44/100

4/17 checks passed

Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.

Quick Stats

Service TypeMCP

Pricing ModelFreemium

Capabilities0 Tools / 0 Prompts / 0 Resources

Ownerkimasplund

CategoryTesting & QA

DependenciesStandalone